SCA-V Assessor - Aberdeen, United States - Paragone Solutions Inc

Description

Paragone Solutions is seeking an SCA-V Assessor who leads the evaluation of cyber security risks (external & internal threats, platform & application vulnerabilities, data protection, etc.), testing controls designed to mitigate risk, communicating issues and findings to management, devising solutions for business improvements, and following-up on corrective actions, may participate on and lead professional teams to execute technical audit projects focused on evaluating the effectiveness of cyber security governance, tools and operations, may evaluate the design, effectiveness and efficiency of information technology and security processes, procedures, and technical controls including solution implementations, identify and address systemic gaps in cyber security risk management.

This is a full-time, on-site position located at Aberdeen Proving Ground, MD. Experience with classified authorizations required, NSA or other is desired. Knowledgeable in eMASS, continuous monitoring requirements, RMF 2.0, DISA STIGs, etc.

This position requires an Active DOD Top Secret (TS) Clearance with SCI and Poly. If a candidate does not have a polygraph, they must be willing to undergo a polygraph investigation.
Responsibilities Include:

• Perform all ISSO duties and responsibilities in DODI , DODI , and AR 25-2.
• Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classification to met Intelligence Community (IC), DoD and Army cybersecurity/information assurance regulations and policies. This includes providing guidance and oversight to vendors.
• Perform all ISSO duties and responsibilities in DODI , DODI , and AR 25-2.
• Direct experience with implementation of DOD-I-8500, DOD-I-8510, ICD 503, NIST 800-53, CNSSI 1253, Army AR 25-2, and RMF security control requirements and able to provide technical direction, interpretation and alternatives for security control compliant.
• Develops, reviews, evaluates and verifies self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the program's portfolio.
• Perform validation steps, comparing actual results with expected results and analyze the differences to identify impact and risks and resolve issues prior to formal Security Test events or Site-Based Security Assessments (SBSA).
• Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
• Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO).
• Direct experience with eMASS, XACTA or other A&A repositories required.
• Proficient in primary operating system(s) of ISs undergoing security testing (example CDSS based on Linux, individual must be proficient in Linux).
• Technical experience and certification in one or more of the following areas: windows environments, Linux, networking, containers/ virtualization, DevSecOps, or database administration.
• Familiar with NCDSMO National Cross Domain Services Management Office), TSABI (Top Secret SCI and Below Interoperability) and SABI (Secret and Below Interoperability) information assurance/cybersecurity requirements.
• Provide over the shoulder training to personnel on the function of the systems and critical cyber areas such as audit, backup and recovery, etc.

Requirements

1. Master's degree plus 8 or more years directly related experience; or Bachelors plus 10 or more years of directly related experience.
2. Degree: Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Cyber Security, Information Technology, Information Security, and Information Systems) degree required
3. Active TS/SCI (SI/TK) w/CI Poly
4. Primary Certifications - one or more of the following required: CISSP, CSSLP, CCSP or CASP+ CE (must also have Linux Cert).
5. Additional Certifications - one or more of the following is a plus: Linux+, RHEL, or other Linux type certification or training.
6. Must be willing to travel, 50% or more.

Paragone Solutions, Inc. is a boutique provider of services to the Department of Defense. We are a process-oriented (i.e. ISO 9001 certified) services company that provides cybersecurity, IT training, and industrial health/occupational safety support services. Founded in 2008, we are a certified woman-owned small business and a SBA certified 8(a) firm. Paragone offers competitive salaries and a relaxed, life-friendly work environment.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.